
How to prevent XSS attack on childlist selector in AEM?


I'm having an issue blocking XSS attacks on the childlist selector:

I've tried adding several things in dispatcher.any and httpd.conf to block the URL or redirect it somewhere else, but nothing works.
[Screenshots: XiaoyuLi_0-1721290042809.png, XiaoyuLi_1-1721290138880.png]

This issue remains:
[Screenshot: XiaoyuLi_2-1721290346519.png]

In the response header, the Content-Type is text/html.

Any ideas how to deal with this?
1 Reply


Hi @XiaoyuLi

You can try this filter:

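# Goes inside the /filter section of dispatcher.any.
# /0100 is a placeholder rule name; use one that is unique in your file.
/0100 {
   /type "deny"
   /path "/etc/designs/xh1x"
   /selectors "childrenlist"
   /extension "json"
   /method "GET"
}

There are these new elements, /path, /selectors, /extension, and /suffix, in filters, which can be used to further control the behaviour.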

Thanks,

Lokesh
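
A coverage check for the filter in the reply above, as an added example (not code from this thread or from Dispatcher): a simplified Python model of the path/selectors/extension/suffix split and of last-matching-rule-wins evaluation, run over constructed URLs. The decomposition rule, the regex matching, `ALLOW`, `BROAD_RULE` and `SAMPLES` are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit

def decompose(url):
    """Split a URL into path, selectors, extension and suffix.

    Simplified model (assumption): path ends at the first dot, the
    extension is the last dot-separated token before the next slash,
    and the suffix is everything from that slash on.
    """
    raw = urlsplit(url).path
    head, dot, rest = raw.partition(".")
    if not dot:
        return {"path": raw, "selectors": "", "extension": "", "suffix": ""}
    tokens, slash, tail = rest.partition("/")
    *selectors, extension = tokens.split(".")
    return {"path": head, "selectors": ".".join(selectors),
            "extension": extension, "suffix": slash + tail}

def decide(rules, method, url):
    """Return the type of the last matching rule, or None if none match."""
    fields = dict(decompose(url), method=method)
    verdict = None
    for rule in rules:
        # A property the rule omits is not checked; values are regexes here.
        if all(re.fullmatch(pattern, fields[name])
               for name, pattern in rule.items() if name != "type"):
            verdict = rule["type"]
    return verdict

# Constructed allow rule so the effect of the deny rules is visible.
ALLOW = {"type": "allow", "method": "GET", "path": "/etc/designs/.*"}
# The rule from the reply above.
REPLY_RULE = {"type": "deny", "path": "/etc/designs/xh1x",
              "selectors": "childrenlist", "extension": "json",
              "method": "GET"}
# Constructed broader variant: same selector, any design path or extension.
BROAD_RULE = {"type": "deny", "path": "/etc/designs/.*",
              "selectors": "childrenlist"}
# Constructed request URLs for the coverage check.
SAMPLES = ["/etc/designs/xh1x.childrenlist.json",
           "/etc/designs/xh1x.childrenlist.json/a.html",
           "/etc/designs/xh1x.childrenlist.html",
           "/etc/designs/other.childrenlist.json"]

def coverage(deny_rule):
    """Map each sample URL to the verdict with ALLOW followed by deny_rule."""
    return {url: decide([ALLOW, deny_rule], "GET", url) for url in SAMPLES}

if __name__ == "__main__":
    for url, verdict in coverage(REPLY_RULE).items():
        print(f"{str(verdict):5}  {url}")
```

Confirm the real behaviour by requesting the same URLs through the Dispatcher after deploying a rule, since this model only approximates its matching.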